So today I received an abuse email from hetzner with logs of my server's IP scanning for port 22 on the 192.168.x.x IP range.
Problem, the only stuff that we changed is adding a Minecraft plugin and after decompiling it nothing looks out of place.
The suspicious activity also looks like it stopped during the night, but I now have no idea where it could come from.
I tried to look up packets with wireshark but didn't find anything of use.
Does anyone have an idea to fix this ?
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.